grab the sam using linux nt password utility which spawns shells on tty3 and 4
and allows you to mount ntfs partitions
so take the sam then remove syskey (bkhive, bkreg, pwdump2)
then l0pht it with lc5
this is on the proviso you have PHYSICAL access to the box
if remotley id be footprinting to find an account with high rights then doing either brute force or privlege escalation
hope that helps a bit
nikon Xillion Computers "Trust your Technolust" http://www.xillioncomputers.com [EMAIL PROTECTED]
smime.p7s
Description: S/MIME Cryptographic Signature
